What information is contained in the options section of a Snort rule? direction of traffic flow source and destination address action to be taken text describing the event Answers Explanation…
Refer to the exhibit. Which field in the Sguil application window indicates the priority of an event or set of correlated events? CNT ST Pr AlertID Answers Explanation & Hints:…
What is indicated by a Snort signature ID that is below 3464? The SID was created by members of EmergingThreats. The SID was created by Sourcefire and distributed under a…
What are security event logs commonly based on when sourced by traditional firewalls? 5-tuples static filtering signatures application analysis Answers Explanation & Hints: Traditional firewalls commonly provide security event logs…
Refer to the exhibit. A security analyst is reviewing an alert message generated by Snort. What does the number 2100498 in the message indicate? the message length in bits the…
Refer to the exhibit. A network administrator is viewing some output on the Netflow collector. What can be determined from the output of the traffic flow shown? This is a…
Which Cisco appliance can be used to filter network traffic contents to report and deny traffic based on the web server reputation? ASA AVC ESA WSA Answers Explanation & Hints:…
How does a web proxy device provide data loss prevention (DLP) for an enterprise? by functioning as a firewall by scanning and logging outgoing traffic by inspecting incoming traffic for…
In a Cisco AVC system, in which module is NetFlow deployed? Control Metrics Collection Application Recognition Management and Reporting Answers Explanation & Hints: NetFlow technology is deployed in the Metrics…
Which information can be provided by the Cisco NetFlow utility? IDS and IPS capabilities peak usage times and traffic routing security and user account restrictions source and destination UDP port…
Match the SIEM function with the description. Explanation & Hint: This is focusing on the functions of a Security Information and Event Management (SIEM) system. SIEM systems are used for…
Which Windows log contains information about installations of software, including Windows updates? setup logs system logs security logs application logs Answers Explanation & Hints: On a Windows host, setup logs…
What does it indicate if the timestamp in the HEADER section of a syslog message is preceded by a period or asterisk symbol? There is a problem associated with NTP.…
Match the threat intelligence sharing standards with the description. Explanation & Hint: STIX (Structured Threat Information eXpression): STIX is a language for describing cyber threat information in a standardized and structured…
What is the primary purpose of the Malware Information Sharing Platform (MISP) ? to exchange all the response mechanisms to known threats to publish all informational materials on known and…
What is CybOX? It is a specification for an application layer protocol that allows the communication of CTI over HTTPS. It is a set of standardized schemata for specifying, capturing,…
Which statement describes Trusted Automated Exchange of Indicator Information (TAXII)? It is a dynamic database of real-time vulnerabilities. It is a set of specifications for exchanging cyber threat information between…
Which organization defines unique CVE Identifiers for publicly known information-security vulnerabilities that make it easier to share data? Cisco Talos MITRE FireEye DHS Answers Explanation & Hints: The United States…
How does FireEye detect and prevent zero-day attacks? by keeping a detailed analysis of all viruses and malware by establishing an authentication parameter prior to any data exchange by only…
What is the primary function of the Center for Internet Security (CIS)? to provide vendor-neutral education products and career services to industry professionals worldwide to provide a security news portal…